Chocolate Factory tickled with featherweight €300k fine

Seven years after Google raised hackles by collecting information about Wi-Fi access points with its Street View fleet, Spain's privacy regulator has fined the company €300,000.

The country's data protection agency, La Agencia Española de Protección de Datos (AEPD), announced the fine on November 7th, 2017.

The privacy row first arose in 2010, when people realised that Google's then-kinda-new StreetView photo-collection-mobiles were collecting the names names, MAC addresses and locations of WiFi access points in homes and businesses. Google put its hands up in public with the usual “we made a mistake” defence, and quit the data collection.

The AEPD's seven-year investigation was suspended during a separate criminal investigation. When that process expired, the data protection agency resumed its work.

The agency decided the Chocolate Factory had, indeed, “collected information of different types without those affected having knowledge that said data collection was taking place and without their consent”.

Its announcement says the collection included e-mail addresses and passwords, “IP addresses, MAC addresses of routers and devices connected to them, or names of wireless networks (SSID) configured with the name and surnames of the person in charge”.

It was also critical of Mountain View's security, adding: “It has not been proven that Google treated specially protected data through these systems.”

And there's a final barb for those who blame users for being loose with their data: failing to encrypt your wireless network “does not authorise in any way the collection of the information carried out or any subsequent use thereof”. ®